On 2/1/12 11:42 AM, Tim Berners-Lee wrote:
>
> On 2012-01 -20, at 14:32, Ian Hickson wrote
> in
> http://lists.w3.org/Archives/Public/public-webapps/2012JanMar/0238.html :
>
>> On Fri, 20 Jan 2012, Tim Berners-Lee wrote:
>> [...]
>>> There of course places where XHR is used and there is no
>>> cross-sitescripting security needed
>>>
>>> 1) in a browser extension
>>> 2) in node.js code trusted apps
>>
>> These aren't the Web, so they're probably out of scope of the CORS
>> and XHR
>> specs, but Anne can comment if he disagrees. :-)
>>
>>
>>> 3) in web apps when web apps can, in I hope the near future, be
>>> installed, and flagged as trusted code
>>
>> Personally I think the idea of "installing" a Web app is anathema.
>
> You may, but others have a need for it.
>
> The open web platform is a strong contender
> for apps which you write once run anywhere
> and end up being a better alternative, or quietly
> moving out, native apps on all kids of device.
>
> These apps have got to be able to completely
> act as agents trusted by the user, like for example
>
> - a web browser
> - a calendar client
> - an IMAP client
>
> and so on, none of these can you currently write
> as a web app, because of CORS.
>
> As a user when I install an app, I want to be able to give
> it access to a selection of:
>
> - Program storage, to a limit
> - Whether it is permanently available or downloaded or cached for a while
> - Access to RAM at runtime, to a limit
> - Access to the net, maybe to a bandwidth limit
> - CPU time when in background, to a limit
> - Ability to access anything on the web
> - Access to its own local storage up to a given limit
> - Access to shared local storage up to a given limit
> - Access to my location, as we currently allow an origin;
> - Access video and still camera, and sound
> - Access to other sensors such as temp, accelerometer, etc
>
> I want to be able to se where all my resources (including CPU, RAM,
> 'disk') on my laptop or tablet or phone
> are being used up, just like I do with music and movies.
>
> I want maybe a couple of default profiles for all the above.
>
> (I'll want to sync its local and shared data storage between all my
> devices too)
>
> If I can't give power to apps, then the web app platform cannot
> compete with native apps.
>
> I don't want the value of these setting to be the origin domain name
> of the script of the app,
> as that is too high a granularity.
>
> Note that when people talk about installation, they often immediately
> discuss
> packaging and manifest formats, which will need to be defined, and for
> which
> we might have more than one, but is not the crux of the issue -- the
> crux is
> allowing it access to precious and/or sensitive resources.
>
> Tim
>
>
>
Tim,
Amen!!
There is a lot here that would serve really well in presentation form. I
am more than happy to work on this (with others) via a Wiki or some
other collaborative space. These issues are *extremely important* but
not always understood.
--
Regards,
Kingsley Idehen
Founder& CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen